Personal Telco first discussed using the browser as an authentication tool in December 2000. This is a list of software that implements a CaptivePortal or ActivePortal solution. It could surely use an update -- DanRasmussen 2012-05-27 12:54:01 (I did just that, although this may be incomplete. -- TheAnarcat 2012-08-28 22:00:26)

LiveCD

Open Source

Kanet have been wrote in Metz University to provide wireless access to students, guest, … Kanet is based on Netfilter's lib from kernel, it allows to control connections via the “QUEUE”. Last release: 2010

Written in perl, supports Linux/iptables and OpenBSD/pfctl. GPLed. Supports authenticating modes against an auth service with a wide variety of backends, including a MySQL database, PAM, RADIUS, LDAP, and more. Also features a non-authenticating "open mode" that merely requires a user to accept an AUP before they can log in. This project is more or less seeking a new maintainer. Last release: 2003.

Captive portal that works inline at Layer 2 in your network. Supports vlans and trunk interfaces. Uses arp to detect if users are still connected. Written in perl, and easy to add new features. Developed at the University of Wisconsin - Madison. Last release: 2005.

GPLed, written in C, runs on FreeBSD. Uses Ajax (or Java applet) to keep the connection open. When the authenticated user closes the browser or OS, the network for the terminal is closed immediately. Ftp, pop3, pop3s, RADIUS, LDAP or PAM for an authentication back-end. Developed in Saga University (Japan). Last release: unknown.

Uses a PAM module to insert an iptables rule. Very simple and effective. (Added by LimAko).

StockholmOpen by the Royal Institute of Technology in Stockholm, Sweden

This system is also operator neutral, allowing different users to connect through the access network to different upstream providers. Implementation in C, uses PAM, Linux/FreeBSD. BSD License. (Added by MartinHedenfalk).

Inspired by the simplicity of wicap, intended to run on FreeBSD by utilizing Perl and ipfw. Doesn't provide much functionality, other than a simple AUP agreement. Development version includes abstract authentication system. Last release: 2003.

ChilliSpot is an open source captive portal or wireless LAN access point controller written in C which supports web based login (external web server required) as well as Wireless Protected Access (WPA), sports a builtin DHCP server and a RADIUS client/proxy server to handle authentication, authorization and accounting (AAA) via an external Radius server. Currently runs on Linux (RedHat, Fedora, Debian binaries and Gentoo ebuild available) but should compile also on FreeBSD, OpenBSD, Solaris, Apple OS X. Previously known as hotspotd, which was available only as binary. Last release (1.1): 2006. (Added by Ovidiu)

Embedded Firewall based on FreeBSD that can run from embedded devices as well as PC's. The Captive Portal software included with it allows for button/AUP pass through, as well as authentication using Radius. Last release: 2011.

Firewall based on FreeBSD6 that can run from embedded devices as well as PC's. The Captive Portal software included with it allows for button/AUP pass through, as well as authentication using Radius. Last release: 2011.

The WiFiDog project was started by Île sans fil and is currently in production. Existing captive were either almost impossible to embed or only designed to display disclaimers with no access control at all (No Cat Splash and others). WiFiDog is designed to have optional centralized access control, full bandwidth accounting, node heartbeating and local content specific to each hotspot. It does not rely on a javascript window, so it works with any platform with a web browser, including PDAs and cellphones. It is developed in C to make it easy to include in embedded systems (It has been designed for the LinkSys WRT54G, but runs on any recent linux platform). A typical install only takes 30kb on i386, and a fully functionnal install could be made in under 10 kb if necessary.

Fork of chilispot. PepperSpot is a captive portal or wireless LAN access point controller which support the IPv6 protocol. It supports web based login and it supports Wireless Protected Access (WPA). Authentication is handled by your favorite radius server (over IPv4/IPv6). Last release: 2011.

Fork of Chillispot. open-source software access controller for captive portal (UAM) and 802.1X access provisioning, based on the popular (but now defunct) ChilliSpot project, and is actively maintained by an original ChilliSpot contributor. Last release: 2011.

Free

AmazingPorts provide a simple to install, Captive Portal/billing solution for free and commercial use - just download, burn CD and install.

New and upgraded Administration interface + contact customer service if you need any special functions

Support for Admin, VoucherMaker, Support Agent roles in the admin interface

Integrated support for POP, IMAP and HTTP based authentication of users

Mobilestar used P020s for the initial deployment of over 600 Starbucks. When Voice Stream bought the remnants of the bankruptcy, all 600+ Starbucks were retrofitted because Nokia's solution did not properly safeguard username and password combinations with an https page. P022 corrected this major bug among a few other things.

P020 Public Access Zone Controller (discontinued) is an integrated network appliance with a RADIUS client and DHCP server.

P022 Access Controller (discontinued) Nokia P022 Access Controller--Your IP Gateway to the Internet. The Nokia P022 Access Controller is a gateway between the Wireless LAN network and the Internet. The P022 authenticates the user, monitors network usage in real-time, collects charging information and acts as a router. The Nokia P022 Access Controller can be connected to the Nokia Authentication Server for integration into a mobile operators network or to a RADIUS server for integration into other customer, care and billing systems.

"To prevent such unauthorized access and hacking, OIT developed its own authentication program requiring wireless users to log in through a web browser before access to the Internet is granted. If a user's connection is inactive for a certain amount of time, the authentication system closes the user's access, deterring potential hackers from taking advantage of the connection."

Not quite true. The Starbucks deal was Mobilestar, and there was precious little Microsoft content in the deal (or company). --Jim Thompson

"... enables mobile professionals to access mission-critical data on the corporate LAN from all major handheld devices, with optimized performance and true end-to-end security from application to application. In addition, Columbitech's solution offers a secure always-on experience. Columbitech Wireless VPN will also support wireless network roaming."